[Pkg-mediawiki-devel] Bug#550940: Mediawiki settings file world-readable

Nico Golde nion at debian.org
Mon Jul 4 21:35:29 UTC 2011


Hi,
* Ian Jackson <ijackson at chiark.greenend.org.uk> [2011-07-04 13:00]:
> Hi, security guys.  Would you care to take a look at #550940 ?  
> I think this is the kind of security problem which should perhaps
> warrant a DSA.
> 
> The maintainer's response (that this is fixed in a new upstream
> version and therefore wouldn't be fixed in squeeze) seems
> very surprising to me.

I don't have a test installation around now to verify this. Can someone verify 
if the default permissions on squeeze/lenny might be 666 as well?
If yes, this should get a DSA.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mediawiki-devel/attachments/20110704/b726215c/attachment.pgp>


More information about the Pkg-mediawiki-devel mailing list